From: "Gentry A. Bieker"
Date: Mon, 20 Jul 1998 11:28:33 -0500 (CDT)
To: security@FreeBSD.ORG
Subject: Re: Why is there no info on the QPOPPER hack?

> On Sun, 19 Jul 1998, Brett Glass wrote:
>
> > Our system has been penetrated via a buffer overflow exploit in Qualcomm's
> > QPOPPER, as obtained from the FreeBSD ports library. But there's no
> > advisory about this on FreeBSD's site.... In fact, we learned of the
> > exploit only because the cracker was sloppy.
> >
> > We need advice on resecuring the system and preventing future incidents of
> > this kind. CERT has been utterly unresponsive; they seem to have ignored
> > our two e-mails asking for help. Any help we can get from members of the
> > FreeBSD community would be MUCH appreciated.
> >
> > --Brett Glass
> >

Exactly what are you thinking here. In almost EVERY email that I received
from the security mailing lists at freebsd, and in almost every isp-* mailing
list I subscribe to, it was at least every other message "QPOPPER this,
QPOPPER that". You can't expect your system to be automatically secure.
It just won't happen. The CERT isn't there to maintain your systems, YOU
are... You don't expect all of your software to automatically upgrade for
you, do you? Then why expect a secure system with little or no effort.

------------------------------------------------------------------------
-[ Gentry A. Bieker      ]---------[ 6300 Melton Rd.        ]--------
-[ Systems Administrator ]---------[ Portage, Indiana 46368 ]--------
-[ Crown.Net, Inc.       ]---------[ Phone: (219)762-1431   ]--------
-[ gbieker@crown.net     ]---------[ Fax: (219)762-0917     ]--------
------------------------------------------------------------------------
----[ All Unsolicited Commercial E-Mail Sent to this address may be ]---
-----[ subjected to a reading and archival fee not less than $500 ]-----
------------------------------------------------------------------------